Sounds like Code Red. We get a lot of these too, and the Microsoft attacks don't do much to an Apache server :)
-Anne

This one time, Michael Renzmann wrote:
> Hi all.
>
> While digging through the error.log of my apache I found two lines that
> seem to hint toward a new (?) worm. I saw the first one some days ago, too:
>
> [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed:
> erroneous characters after protocol string: CONNECT
> mailb.microsoft.com:25 / HTTP/1.0
>
> Looks like there is someone trying to abuse a proxy to connect to a SMTP
> server?
>
>
> The second is a new one (which means I never saw it before). It appears
> several times in the log, below I quoted the first appearance:
>
> [Sat Sep 7 05:33:20 2002] [error] [client 202.224.228.106] Client sent
> malformed Host header
>
> Any idea what type of attack these lines give a hint about? I think
> Apache is safe here, this most probably would be an attack against IIS
> or something like that. But I would like to learn a little more about
> those ones...
>
> Bye, Mike

--
Anne Carasik, System Administrator
gator at cacr dot caltech dot edu
Center for Advanced Computing Research
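For triaging entries like the two quoted in this thread, here is an added example (not part of either message) that groups rejected CONNECT requests and malformed Host headers by client address. The function names, category labels and the sample lines beyond the two quoted entries are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache error_log entry as quoted in the thread:
# [timestamp] [level] [client ip] message
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<ip>[0-9.]+)\] (?P<msg>.*)$"
)
# A CONNECT request line naming host:port, as echoed in the error message.
CONNECT = re.compile(r"\bCONNECT\s+(?P<host>[A-Za-z0-9.-]+):(?P<port>\d+)")


def classify(msg):
    """Return (category, detail) for a message, or (None, None) if not of interest."""
    m = CONNECT.search(msg)
    if m:
        port = int(m.group("port"))
        kind = "proxy-connect-smtp" if port == 25 else "proxy-connect"
        return kind, f"{m.group('host')}:{port}"
    if "malformed Host header" in msg:
        return "malformed-host-header", None
    return None, None


def triage(lines):
    """Return {client_ip: {category: [(timestamp, detail), ...]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # skip lines that are not client error entries
        kind, detail = classify(entry.group("msg"))
        if kind:
            hits[entry.group("ip")][kind].append((entry.group("ts"), detail))
    return {ip: dict(cats) for ip, cats in hits.items()}


# Constructed sample: the two entries quoted in the thread (unwrapped),
# plus one constructed repeat and one constructed unrelated error.
SAMPLE = [
    "[Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed: "
    "erroneous characters after protocol string: CONNECT mailb.microsoft.com:25 / HTTP/1.0",
    "[Sat Sep 7 05:33:20 2002] [error] [client 202.224.228.106] Client sent malformed Host header",
    "[Sat Sep 7 05:33:24 2002] [error] [client 202.224.228.106] Client sent malformed Host header",
    "[Sat Sep 7 06:00:00 2002] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico",
]

if __name__ == "__main__":
    for ip, cats in triage(SAMPLE).items():
        for kind, events in cats.items():
            print(f"{ip}  {kind}  count={len(events)}  first={events[0][0]}  target={events[0][1]}")
```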